Project

General

Profile

Tâche #35945

Scénario #35830: Le certificat Let's Encrypt ne sont pas reconnu à l'enregistrement_zephir

Vérifier les certificats pour LemonLDAP sur AmonEcole

Added by Joël Cuissinat about 1 month ago. Updated 12 days ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
05/21/2024
Due date:
% Done:

100%

Remaining (hours):
0.0

Description

Les deux dernières exécutions AmonEcole sont en rouge : https://dev-eole.ac-dijon.fr/jenkins/job/2.9.0/job/test-instance-etb3amonecole-lemonng-2.9.0-amd64/

root@reseau:~# tail -fn19 /var/log/apache2/portal_error.log 
[Tue May 21 10:56:53.332330 2024] [ssl:info] [pid 577] AH01914: Configuring server auth.etb3.ac-test.fr:443 for SSL protocol
[Tue May 21 10:56:53.336108 2024] [ssl:info] [pid 577] AH02576: Attempting to load encrypted (?) private key auth.etb3.ac-test.fr:443:0
[Tue May 21 10:56:53.343884 2024] [ssl:error] [pid 577] AH02579: Init: Private key not found
[Tue May 21 10:56:53.343907 2024] [ssl:error] [pid 577] SSL Library Error: error:1E08010C:DECODER routines::unsupported (No supported data to decode.  Input type: DER, Input structure: PrivateKeyInfo)
[Tue May 21 10:56:53.343915 2024] [ssl:error] [pid 577] SSL Library Error: error:1E08010C:DECODER routines::unsupported (No supported data to decode. Input type: DER)
[Tue May 21 10:56:53.343922 2024] [ssl:error] [pid 577] SSL Library Error: error:068000A8:asn1 encoding routines::wrong tag
[Tue May 21 10:56:53.343932 2024] [ssl:error] [pid 577] SSL Library Error: error:0688010A:asn1 encoding routines::nested asn1 error
[Tue May 21 10:56:53.343940 2024] [ssl:error] [pid 577] SSL Library Error: error:0688010A:asn1 encoding routines::nested asn1 error (Field=version, Type=PKCS8_PRIV_KEY_INFO)
[Tue May 21 10:56:53.343948 2024] [ssl:error] [pid 577] SSL Library Error: error:068000A7:asn1 encoding routines::unsupported public key type
[Tue May 21 10:56:53.343954 2024] [ssl:error] [pid 577] SSL Library Error: error:1E08010C:DECODER routines::unsupported (No supported data to decode.  Input type: DER, Input structure: type-specific)
[Tue May 21 10:56:53.343963 2024] [ssl:error] [pid 577] SSL Library Error: error:1E08010C:DECODER routines::unsupported (No supported data to decode.  Input type: DER, Input structure: PrivateKeyInfo)
[Tue May 21 10:56:53.343970 2024] [ssl:error] [pid 577] SSL Library Error: error:1E08010C:DECODER routines::unsupported (No supported data to decode. Input type: DER)
[Tue May 21 10:56:53.343977 2024] [ssl:error] [pid 577] SSL Library Error: error:068000A8:asn1 encoding routines::wrong tag
[Tue May 21 10:56:53.343984 2024] [ssl:error] [pid 577] SSL Library Error: error:0688010A:asn1 encoding routines::nested asn1 error
[Tue May 21 10:56:53.343994 2024] [ssl:error] [pid 577] SSL Library Error: error:068000A8:asn1 encoding routines::wrong tag
[Tue May 21 10:56:53.344005 2024] [ssl:error] [pid 577] SSL Library Error: error:0688010A:asn1 encoding routines::nested asn1 error (Type=RSAPrivateKey)
[Tue May 21 10:56:53.344014 2024] [ssl:error] [pid 577] SSL Library Error: error:068000A8:asn1 encoding routines::wrong tag
[Tue May 21 10:56:53.344023 2024] [ssl:error] [pid 577] SSL Library Error: error:0688010A:asn1 encoding routines::nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Tue May 21 10:56:53.344036 2024] [ssl:emerg] [pid 577] AH02564: Failed to configure encrypted (?) private key auth.etb3.ac-test.fr:443:0, check /etc/ssl/certs/eole.crt

Associated revisions

Revision 5fb90b09 (diff)
Added by Emmanuel GARETTE about 1 month ago

Correction du chemin vers la clef de plus la chain est déjà calculé pour apache (ref #35945)

Revision 31bb691a (diff)
Added by Emmanuel GARETTE 13 days ago

Dans le cas de let's encrypt avec nginx en reverse proxy, le nom de domaine est dans les alternatives du certificat principal (ref #35945)

History

#1 Updated by Emmanuel GARETTE about 1 month ago

  • Status changed from Nouveau to À valider
  • Assigned To set to Emmanuel GARETTE
  • % Done changed from 0 to 100

#2 Updated by Laurent Gourvenec 17 days ago

  • Status changed from À valider to Résolu

#3 Updated by Joël Cuissinat 12 days ago

Test basique avec test-instance-etb3amonecole-lemonng-2.9.0-amd64 (paquets eole-lemonldap-ng 2.9.0-38) :
  • connexion EAD2 : OK
  • connexion Roundcube/Nextcloud : Auth OK mais fonctionnement KO... ça vient peut-être d'autre chose et on va pas creuser ça dans ce scénario

#4 Updated by Joël Cuissinat 12 days ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) set to 0.0

Also available in: Atom PDF